CloudSafe: Securing data processing within vulnerable virtualization environments in the cloud

Bibliographic Details
Published in: 2013 IEEE Conference on Communications and Network Security (CNS), pp. 172-180
Main Authors: Huijun Xiong, Qingji Zheng, Xinwen Zhang, Danfeng Yao
Format: Conference Proceeding
Language: English
Published: IEEE 01.10.2013
Summary: Data protection in public cloud remains a challenging problem. Outsourced data processing on vulnerable cloud platforms may suffer from cross-VM attacks, e.g. side-channel attacks that leak secrecy keys. We design and develop CloudSafe, a general and practical data-protection solution by integrating cryptographic techniques and systematic mechanisms seamlessly to address this issue. CloudSafe first allows a data owner to outsource encrypted data in the cloud. It then employs a cloud-based proxy to re-encrypt stored encrypted data and delivers it to authorized cloud applications upon access requests. To combat cross-VM side-channel attacks, the final data decryption key is one-time use and can be retrieved from the data owner on demand. Any key leakage after an authorized access cannot compromise data confidentiality. For data sharing, CloudSafe allows authorized applications to efficiently access the protected data. The prototype evaluation demonstrates the efficiency of the scheme towards large-scale cloud applications.
DOI: 10.1109/CNS.2013.6682705